5 1 0:Managing Credential Sets
Overview
SEP sesam enables you to store and manage credential sets, which are combinations of usernames and passwords. These credentials are used for remote installations, or accessing network resources during backup. Typically, a credential set should use either a local Administrator account or a domain Administrator account that belongs to the local Administrators group on the target computer.
Credential sets are required for establishing connections using WMI during remote installations on target computers. A credential set can be assigned to a specific client, or it can be linked to a specific location and used for all clients in that location. If credential sets are configured for both a location and a client in that location, the set configured for the client takes precedence. Note that you can set the credential set when you start the installation (the Windows remote installation is executed using WMI remote commands).
Credential sets can be used when configuring backup tasks, particularly for Path UNC backups, where they enable access to data stored on network shares. They are used to back up data stored on file servers, network-attached storage (NAS) devices, or other shared storage locations accessible over a network.
In contrast, client updates are performed using sm_ssh. Once the client is installed, the SEP sesam Server can access the client without the need for system credentials.
Password security
Passwords are encrypted using the blowfish algorithm and securely stored in the SEP sesam database. They are never stored in plain text or logged in clear text format. When a credential set is deleted, both the username and password are permanently removed from the SEP sesam database, ensuring complete data privacy and security.
Managing credential sets in GUI
Credential sets can be accessed and managed in several places in the SEP sesam GUI:
- Locations: navigate to the Main Selection -> Components -> Clients, in the tree view double-click a location and in the Properties window switch to the OS Access tab.
- Clients: navigate to the Main Selection -> Components -> Clients, in the tree view find and double-click a client and in the Properties window switch to the OS Access tab.
- Remote installation: navigate to the Main Selection -> Components -> Clients, in the tree view find and right-click a Windows client, select Install SEP sesam and then click Manage.
- Backup tasks: navigate to the Main Selection -> Tasks -> By Clients, find and double-click a backup task. Alternatively, you can select and right-click a client and click New Backup Task. In the Properties window switch to the OS Access tab.
You can perform the following actions:
- Create new credential set: To create a new credential set, click New. Enter a name for the credential set that will help you identify the account. Enter the username in the format DOMAIN\USER for domain accounts or HOST\USER for local accounts. Next, enter the password and repeat it for verification. Click Save to save the credential set, and then click Apply to confirm the changes for the client, location, or backup task.
- Assign or unassign credential set: You can link or unlink a credential set to/from a client, location, or backup task. Select the credential set in drop-down list. To unlink, select the empty slot. Click Apply to save the change.
- Modify credential set: To modify the details of an existing credential set, click Edit. You can update the username, password, or the name associated with the credential set. Once done, click Save and then Apply to confirm the changes.
- Delete credential set: Before you delete a credential set, ensure it is no longer in use. You can delete a credential set only if it is not assigned to any clients, locations, or backup tasks. First, unassign the set by clicking the empty slot and then clicking Apply. Once unassigned, select the credential set and click Delete. Confirm the deletion to remove it permanently.
Managing credential sets in CLI
The sm_cmd command in SEP sesam offers various commands for managing credential sets in the command-line interface (CLI). These commands enable management of credential sets in SEP sesam, allowing you to perform actions such as creating, importing, modifying, linking, and deleting credentials.
To list the available options for managing credential sets in the CLI, you can use the following command:
sm_cmd help credential
- Usage examples
Retrieve a specific credential set:
sm_cmd get credential <credential_set>
Add a new credential set:
sm_cmd add credential -t <credential_type> -U "<username>" -P "<password>" -l "<additional_options>"
Import a credential set from a JSON file:
sm_cmd import credential -n <new_credential_name> -o logical -f "<json_file_path>"
Export SSH/SSL key pair to files:
sm_cmd export credential <credential_set> -i @private_key_file -l @public_key_file
Remove an existing credential set:
sm_cmd remove credential <credential_set>
See also
SEP sesam Configuration – First Steps - Configuring Clients - Remote Installation of Windows Clients - Creating a Backup Task